@billyh said in help: Malware and/or backdoors in Retropie??:

> It's probably me but to me it looks like @Clyde and @cyperghost are saying two different things?

Not really, we more or less complemented each other. @cyperghost's comment about open ports in the router's firewall is valid, though they should be closed in the router's initial factory setup. It doesn't hurt to check a router's setup for open ports, though, especially if multiple people have admin access to it, or the device was bought pre-owned. It also doesn't hurt to read the tech news about vulnerabilities in common routers, or an occasional web search for one's own router model in that regard.

Finally, the advice to set strong passwords also applies to one's router, of course, lest it be manipulated like @cyperghost said. ]:}

> ...
>
> So, in the end, I guess, the main problem with the OP was that the Pi with unchanged credentials was connected to a compromised internet connection? The way I read it at first was that the unchanged credentials were exactly what made the connection an unsafe one but it seems now that there must've been a step or two before that that went awry.

Supposedly yes, but without more details from @RikFlorence, we can only suspect that much.